Bruce,
answer is yes, use ScriptletAttributeDefinition - it works as described.
I can send you my script (for a slightly different situation) if that
helps.
The only alternative would be to populate your AD with the exact value
for ePSA but that I expect is not straightforward.
Colin.
On 13 Mar, Bruce Rodger wrote:
> (having re-read what I've just written , I guess the question could
> be usefully rephrased as "where can I find a useful reference
> document on configuring the resolver that doesn't just tell me half
> the story...")
>
> IdP 1.3.1, Apache/Tomcat/FreeBSD. Nothing unusual so far....
>
> The IdP is using LDAP to access Microsoft Active Directory. So far, we've
> managed to use this for password verification, and to retrieve simple
> attributes.
>
> However, I now want to do something a little more complex.
>
> We already have an "account-category" field in our directory. This contains
> values such as "undergraduate", "postgraduate", "staff-primary", "staff-secondary",
> "visitor", etc etc. So the values are not the same as those required for
> eduPersonScopedAffiliation, but it should be easy to derive the
> eduPersonScopedAffiliation values from these.
>
> Question: How do I implement this? Do I have to use
> ScriptletAttributeDefinition - the example code on
> https://spaces.internet2.edu/display/SHIB/ScriptletAttributeDefinition does
> something similar - or is there a more straightforward way?
>
>
> Bruce.
>
--
Colin Farrow
Computing Service, University of Glasgow, Glasgow G12 8QQ
Tel: 0141 330 4862, Email: [log in to unmask]
---
|